Deploy Edge Router as Docker container


This install guide will walk you through the steps required to run the NetFoundry Edge Router image as a Docker container. This enables users to run a linux solution at the edge that can be integrated with SALT for network upgrades. The network below portrays a potential use case where 2 Docker hosts connect to some developer endpoints as well as resources in Azure vNET and AWS VPC. The resources in AWS, Azure and developer endpoints can access all pods/containers in each node by private Docker network interface e.g. The Edge Router containers are also able to connect to devices on the Node network.






This guide assumes you have at least 1 working Linux server with Docker installed. Administrators may also choose to use Docker-Compose for deployment.


Before You Begin

  1. Sign up for NetFoundry Account.
  2. Install Docker for your desired Linux O/S.
  3. NetFoundry Edge Router software can be downloaded from Dockerhub

Deploy Edge Router to host.

  1.  From your web console, create a Customer Hosted Edge Router.
  2. Copy key to be used for enrollment/registration.
  3. Deploy Ziti-Router Docker image.

Autonomous Ziti-Router Docker Image

Run ziti-router as a container. The ziti-router binary is saved under the persistent volume and autonomously maintains a consistent software versions to the Network Controller.


This image requires access to a NF console router registration key, and a persistent volume mounted at "/etc/netfoundry" to save the configuration file that is created when the one-time registration key is consumed.


  • REG_KEY: The router registration key retrieved from nfconsole.


  • /etc/netfoundry: Configuration files that result from enrollment will be stored here. This volume should be persistent to preserve the identity of the edge router. If this configuration is lost, it will be necessary to re-register your Edge Router. 



The ziti-tunnel image can be used in a vanilla Docker environment.

$ mkdir ./ziti_id

$ docker run -v $(pwd)/ziti_id:/etc/netfoundry \

    -e REG_KEY=<registration_key from console> \



              or to run in background 


$ docker run -d -v $(pwd)/ziti_id:/etc/netfoundry \

    -e REG_KEY=<registration_key from console> \




  • The ziti-router only runs the edge component.
  • The REG_KEY environment variable must be set to register the ziti-router to the network.
  • The "/etc/netfoundry" directory must be mounted on its own volume.
  • The Ziti Router container will update automatically and cannot be upgraded manually.
Was this article helpful?
1 out of 2 found this helpful



Please sign in to leave a comment.